CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using...

7.3CVSS7AI score0.00484EPSS

Exploits0References2

Cvelist•added 2025/06/04 4:32 p.m.•31 views

CVE-2025-2336 AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize'

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

4.8CVSS0.00198EPSS

Exploits0References2

Vulnrichment•added 2025/06/04 4:32 p.m.•7 views

CVE-2025-2336 AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize'

4.8CVSS5AI score0.00198EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 1:5 a.m.•10 views

CVE-2022-28284

SVG's element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

8.8CVSS6.3AI score0.00328EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:23 p.m.•5 views

CVE-2020-15562

An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns aka XML namespace attribute of a HEAD element when an SVG element exists...

6.1CVSS5.4AI score0.00861EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by